We make no effort to optimize the code, and instead focus on a clear
implementation. In fact, the RC4 algorithm relies on in-place update of
its state heavily for efficiency, and is therefore unsuitable for a purely
functional implementation.

Types

RC4 State contains 256 8-bit values. We use the symbolically accessible
full-binary type STree to represent the state, since RC4 needs
access to the array via a symbolic index and it's important to minimize access time.

Verification

Prove that round-trip encryption/decryption leaves the plain-text unchanged.
The theorem is stated parametrically over key and plain-text sizes. The expression
performs the proof for a 40-bit key (5 bytes) and 40-bit plaintext (again 5 bytes).

Note that this theorem is trivial to prove, since it is essentially establishing
xor'in the same value twice leaves a word unchanged (i.e., x xor y xor y = x).
However, the proof takes quite a while to complete, as it gives rise to a fairly
large symbolic trace.